So we learned last week that hackers successfully broke into one of Electronic Arts’ systems, accessing a slew of users’ personal information, including email and mailing addresses, phone numbers and birth dates.
The breach raises concerns about password security in the enterprise, especially as the consumerization of IT sees employees bringing more devices — and more passwords — to work. What’s more, many people use the same passwords for enterprise applications accessed via the web as they do for popular e-commerce and online content services. As if modern IT departments didn’t have enough to worry about, they now have to contend with the vulnerabilities that employees’ consumer passwords to services such as EA games create in corporate cloud services.
Studies show that about one half of consumers use the same (or very similar) password for all websites that require a log-in. So IT administrators must ask themselves whether employees are using the same password for online gaming that they use to access web-based company apps.
If not, your systems may already be compromised. The number of apps that your company uses is creating a new wave of complexity that was not addressed in the first wave of cloud expansion. That wave was driven by the proliferation of applications with little consideration given to the underlying systems required to manage them.
Between their work accounts and personal accounts, employees have a lot of usernames and passwords to remember. I just counted my business and personal accounts, and if I weren’t using a solution like Okta at work, I would have 51 unique usernames and passwords I would have to remember. That’s a lot! As a result, most employees access their cloud-based business apps the same way they access Amazon, eBay and other consumer services, creating the very real threat that a username and password stolen from a consumer service could provide hackers easy access to your most sacred business information.
The consumerization of IT isn’t going away, and neither is the cloud. Modern IT departments need to manage a decidedly more complex landscape, and single sign-on for all employee applications, whether consumer, enterprise or on-premise, offers an important security safeguard.